DATA SECURITY

PAGO Selects Open XDR Security Platform of Stellar Cyber to Unify Standalone Tools and Speed up Detection and Response

PAGO | February 08, 2022

PAGO
PAGO, a South Korean MDR provider and value-added reseller, has embraced Stellar Cyber's Open XDR Platform to expand PAGO's security-as-a-service program for organizations across the country. Stellar Cyber is the leading security operations platform for MSSPs and the creator of Open XDR.

PAGO has thoroughly integrated stand-alone EDR, SIEM, UEBA, NTA, AD Security, TI Interworking, Cloud Security, and Sandbox products for its MDR service but found it nearly hard to correlate inputs from various tools to acquire a holistic view of its clients ' total security manually. PAGO is now automatically analyzing and connecting data from multiple devices to enable faster intrusion responses for its clients, thanks to the Stellar Cyber Open XDR Platform.

“We needed an MDR service system that processed multiple tools’ threat data with an integrated, AI-powered, Big Data system,” said Paul Kwon, CEO at PAGO. “The Stellar Cyber Open XDR platform is the first we’ve seen that unifies and correlates data from our various security tools and responds automatically to significantly improve our customers’ security while enabling us to manage our in-house resources better.”

The Open XDR Platform from Stellar Cyber combines data from all existing security tools (as well as data from its sensors), analyses it for anomalies, displays and prioritizes contextual security incidents in an intuitive dashboard, and responds automatically through those tools to provide near-real-time protection. As a result, MDR security specialists like PAGO can use Stellar Cyber's platform to monitor customers' comprehensive security profiles and take swift action when risks are detected from a single console.

“MDRs and MSSPs love our platform because it allows them to leverage investments in existing security tools and deliver high-margin detection and response services without scaling analyst staffs,”  “We built AI and Big Data into our platform from the beginning to enable this scalability through automation.”

Brian Stoner, VP of the MSSP business unit at Stellar Cyber

Spotlight

Cloud computing represents the most recent stage in the software industry’s continuous evolution towards more efficient, resilient, and feature-filled software systems. The establishment of commercial clouds is fueling a strong paradigm shift with respect to how software systems are deployed as a result of their innate cost-effectiveness, opportunities for increased system reliability and availability, etc. Malicious software (or malware) has, of course, evolved in parallel.


Other News
SOFTWARE SECURITY

Noetic Cyber Delivers Platform Update to Bring Data Science into Cyber Asset Management

Noetic Cyber | June 06, 2022

Noetic Cyber, an innovator in Cybersecurity Asset Attack Surface Management (CAASM), today announced the availability of a new version of its Continuous Cyber Asset Management and Controls platform. The latest version of the Noetic platform is focused on delivering immediate time to value for security teams by identifying high priority security gaps and exploitable vulnerabilities, using innovative data science techniques. Since its public launch in July 2021, Noetic has been working with security leaders in the United States and the United Kingdom to help them reduce their growing attack surface and improve their cybersecurity posture. The challenge these cyber leaders often face is to understand cyber risk across complex environments, where assets can exist for a short period of time in public or private cloud platforms, as well as having to manage legacy on-premises workloads. To gain the insights needed to be effective, they need confidence in their data quality, full visibility across all assets and contextual intelligence to help prioritize decision making. "The continued innovation we are delivering reflects the expanding use cases we see across our customer base. "Security teams are putting cyber asset intelligence at the heart of their security programs and our ability to continuously adapt and respond to changing environments is critical to their success." Paul Ayers, CEO and co-founder, Noetic Cyber Delivering Immediate Time to Value Security teams need to know what assets they have, and understand which ones are creating the most cyber risk. Noetic is delivering innovative cyber asset intelligence to help customers assess their current cyber posture readiness and focus the security team's efforts on the highest priority activities. The Noetic platforms helps customers successfully do this with: External Cyber Asset Intelligence – Mapping industry data including CISA's Known Exploited Vulnerabilities catalog, MITRE ATT&CK® mitigations and others to provide greater context on asset risk and exposure. Coverage Gap dashboards –Helping security teams quickly identify common and easily resolved security coverage gaps. Support for ad-hoc security data – Many organizations keep important information on critical applications or security risks in spreadsheets. Noetic's new data ingestion capability supports importing ad-hoc data into the model. Simplifying and Extending Cyber Asset Management use cases The Noetic platform uses Graph database technology to map cyber relationships between assets. This innovative technology approach enables Noetic to navigate deep hierarchies and find hidden connections, providing the context to help security teams to make more informed decisions. The latest release of the Noetic platform builds on native Graph capabilities to deliver additional value such as: Understanding & improving data quality –Noetic's new data analytics feature automatically and continuously analyzes data for each different source for completeness and accuracy, providing a data quality score. Simplifying Graph queries – Noetic has adopted openCypher, a widely used open query language. Noetic has developed a graphical point-and-click UI to guide security analysts through the steps of creating powerful relationship-based queries with little or no training. Supporting Cloud and On-premises applications – Organizations need to protect assets across public and private clouds, as well as traditional on-premises networks. Noetic Outpost supports secure ingestion from behind the corporate firewall, and private clouds. "The challenge of identifying and managing assets in the context of cybersecurity has grown considerably in recent years," said Dr. Ed Amoroso, CEO of TAG Cyber. "Noetic's innovations are important as their ability to prioritize and automate helps security teams to focus on critical areas of cyber risk." About Noetic Cyber Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, fix and improve their security posture and enterprise ecosystem. Our goal is to improve security tools and control efficacy by breaking down existing siloes and improving the entire security ecosystem. Founded in 2019, Noetic is based in Boston and London.

Read More

PLATFORM SECURITY

Talon Cyber Security Announces $100M in Series A Funding to Redefine Security for the Future of Work

Talon Cyber Security | August 04, 2022

Talon Cyber Security, the leading secure enterprise browser provider, today announced $100 million in Series A funding, led by Evolution Equity Partners, with participation from Ballistic Ventures, CrowdStrike’s Falcon Fund, Merlin Ventures, SYN Ventures and previous investors CrowdStrike co-founder and CEO George Kurtz, Lightspeed Venture Partners, Sorenson Ventures and Team8. The funds will be used to accelerate go-to-market efforts to meet the increasing global demand for Talon’s secure enterprise browser, TalonWork, and deliver new product enhancements to continuously improve security for modern workforces. As organizations have embraced distributed work for employees and contractors, the reliance on SaaS applications has risen, and security needs have evolved drastically. The traditional ways of enabling secure access to enterprise applications are complex, expensive, and put organizations at risk. The TalonWork browser simplifies security by allowing secure access to corporate applications and data on any device, managed or unmanaged, and on any operating system. With Talon, security teams benefit from deep visibility into browser and application activity, as well as native security features like authentication, data loss prevention and Zero Trust controls. Based on Chromium, TalonWork delivers the consistent and familiar user experiences expected by today’s workers, fostering productivity across the enterprise. “We have built the team and technology to redefine and power security for the future of work – a future where security is delivered naturally through the enterprise’s most heavily-used application: the browser. “The world and the applications the largest organizations rely on are moving to the web, creating an extensive need for a vehicle that can provide secure access without changing the way work is conducted. This new funding will allow us to continue to show why that vehicle is Talon’s secure enterprise browser.” Ofer Ben-Noon, co-founder and CEO, Talon Cyber Security Co-founded by Ben-Noon and CTO Ohad Bobrov, Talon was named the winner of the Innovation Sandbox Contest at RSA Conference 2022, and has demonstrated unrivaled market and technical leadership since launching the industry’s first secure enterprise browser in October 2021. The company’s recent momentum includes numerous customer deployments at large organizations, the release of the industry’s first secure enterprise browser for mobile devices, and established partnerships with the two leaders in endpoint security: CrowdStrike and Microsoft. The round includes the conversion of $17 million in SAFE (Simple Agreement for Future Equity) investments announced earlier this year into A round shares, bringing Talon’s total amount raised to over $126 million. As part of today’s announcement, Richard Seewald, Founder and Managing Partner of Evolution Equity Partners, is joining Talon’s board of directors. “In cybersecurity, the word innovative gets thrown around often, but with Talon, it is a perfect descriptor,” said Richard Seewald, Founder and Managing Partner, Evolution Equity Partners. “I have never seen a company create and lead a category with such authority, and experience such impressive traction with customers so quickly. Talon has the potential to become one of the leading companies in the broader security industry, and it’s an honor to help them on their journey.” “Today’s threat environment is complex, but an organization’s approach to security should not be,” said George Kurtz, co-founder and CEO, CrowdStrike. “By delivering enterprise-grade security through the TalonWork browser, Talon makes security simple and effective for its customers.” “When we launched Ballistic, we made it our mission to find and partner with companies that have the technology and what it takes to change the trajectory of cybersecurity, and Talon fits this bill perfectly,” said Jake Seid, co-founder and General Partner, Ballistic Ventures. “The browser has fundamentally become the most important tool for today's workforce. Talon’s secure enterprise browser does something few security products do. It offers the trifecta of strong security, seamless end-user experience, and low cost and complexity for the enterprise. Talon’s team and solution are some of the strongest I have ever come across, and this financing will help propel the company to new heights.” “From my time as a CISO and now as an investment partner for leading security companies, I have evaluated countless technologies,” said Jay Leek, co-founder and Managing Partner, SYN Ventures. “The widespread problem that Talon addresses and the time to value of its technology is beyond impressive – it's a game changer. I’m thrilled to have the opportunity to work with the company and help accelerate its growth.” About Talon Cyber Security Talon Cyber Security is modernizing security programs and improving user experiences for hybrid work by delivering the first secure enterprise browser. Built on Chromium, the TalonWork browser provides customers with the consistent user experiences, deep security visibility, and control over SaaS and web applications needed to simplify security for the future of work. Talon was named the Most Innovative Startup of 2022 at the prestigious RSA Conference Innovation Sandbox Contest.

Read More

SOFTWARE SECURITY

Whistic Announces Support of Google’s Minimum Viable Secure Product Framework

Whistic | May 23, 2022

Today, Whistic, the proactive vendor security network for both buyers and sellers, announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google in a collaborative effort with Okta, Slack, and Salesforce. Until the introduction of MVSP, there was no commonly accepted baseline available among security professionals that indicated the importance of security controls. With MVSP, vendors can demonstrate to their customers that they are meeting, at a minimum, the baseline of security as outlined by some of the industry’s top security professionals. “We believe a vendor-neutral security baseline is an important step in establishing minimum acceptable security requirements for enterprise software and services. “By assuring enterprise solutions include the core security building blocks, we can work to reduce third-party risk, and promote security as a key part of the product development lifecycle.” Chris John Riley, Senior Security Engineer at Google Vendors that utilize Whistic to share security documentation via the MVSP help streamline and accelerate the security review process for their customers, helping them to rapidly understand the vendor’s security posture. “Enabling companies to showcase their security posture using the MVSP and other industry frameworks is a key step toward ensuring transparent relationships between vendors and their customers,” stated Nick Sorensen, Whistic CEO. “In addition to announcing support of MVSP, we recently launched Whistic Basic Profile that enables any business regardless of size to proactively share their security posture with customers and publish it to the Whistic Vendor Security Network for free.” Basic Profile allows vendors to self-assess against industry standard frameworks, including MVSP. It also includes a limited number of Profile shares, and the ability to publish to the Whistic Trust Catalog, enabling Whistic customers to conduct Zero-Touch Assessments of the vendor’s security posture. “Okta has already added MVSP to our Whistic Profile and we look forward to seeing more and more of our vendors adopt this baseline in their Profiles,” said Gen Buckley, Director, Customer Assurance Customer Trust at Okta Security and founding committee member of MVSP. “We are always looking for ways to streamline our vendor security reviews and drive a more secure ecosystem, and MVSP helps accomplish that while also promoting transparency and collaboration between vendors and customers.” Marat Vyshegorodtsev, Enterprise Security JAPAC representative at Salesforce adds, “Organizations of all sizes often purchase dozens of software products managed by third parties. The onboarding process alone can take weeks or months, especially when it comes to vetting the security posture for each. MVSP helps solve this—it standardizes this process and eliminates overhead, complexity, and confusion for both parties while ensuring the minimum-security requirements.” About Whistic Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs.

Read More

SOFTWARE SECURITY

JFrog Advances Software Development Collaboration, Automation, Speed, and Security with New Microsoft Teams App

JFrog | July 12, 2022

JFrog Ltd. , the Liquid Software company and creators of the JFrog DevOps Platform, today unveiled new integrations for JFrog Artifactory - the world's leading binary repository – and its JFrog Xray advanced security solution - with the Microsoft Teams collaboration platform. Available immediately, the JFrog App for Microsoft Teams delivers organization-wide visibility into security and software development events, such as failed builds, security vulnerabilities, or compliance issues. Using the new app, development team members can both assign and execute the tasks required to address issues, accelerating time-to-resolution. "Designing software and keeping it up-to-date has always been a team effort – but the urgency of that collaboration becomes even more important when builds fail or security vulnerabilities strike. “Our goal is to empower developers with solutions that enable efficient, cross-team communications on the platforms they’re already using day-to-day, which is why integrating with Teams was a logical choice. The JFrog App for Microsoft Teams makes it easier for developers to notify and collaborate with the wider business to devise and execute a speedy path to resolution." Stephen Chin, Vice President of Developer Relations, JFrog Many software teams use Teams to collaborate and provide visibility into development events or security vulnerabilities using both public and private group channels, as well as direct messaging. The new JFrog App for Microsoft Teams delivers insight into whether artifacts are being uploaded, moved, copied, or deleted, so developers and their extended team of stakeholders from across the organization can quickly make informed decisions and take action to keep their software pipelines on track and secure. “Microsoft Teams changes the way work gets done. It helps remote colleagues and partners collaborate and stay connected even when they’re working apart – and there are few places where collaboration is as critical to a project’s success as software development,” said Ben Summers, Director, Teams & Microsoft 365 Platform Marketing at Microsoft. “This integration aims to make life easier for developers who are already using Teams for their everyday work to share project or security updates with their extended set of stakeholders in one click.” Other features and benefits of the JFrog App for Microsoft Teams include: Accelerated vulnerability resolution - Integrating JFrog Artifactory and JFrog Xray with Teams significantly decreases the time it takes to resolve development challenges or security issues. Improved collaboration - Developers can use Teams to both delegate action items to extended team members - across departments – and take action on assigned tasks and provide status updates during each phase of the software development lifecycle. Quality assurance – Easily configure JFrog Xray policies and watches to monitor targeted artifact repositories used for test and staging environments, and tag team members on security vulnerabilities and compliance violations through Teams for prompt resolution. About JFrog JFrog Ltd.is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back

Read More

Spotlight

Cloud computing represents the most recent stage in the software industry’s continuous evolution towards more efficient, resilient, and feature-filled software systems. The establishment of commercial clouds is fueling a strong paradigm shift with respect to how software systems are deployed as a result of their innate cost-effectiveness, opportunities for increased system reliability and availability, etc. Malicious software (or malware) has, of course, evolved in parallel.

Resources